1. Field of the Invention
The present invention relates to database security. More specifically, the present invention relates to a method and apparatus to support privileges at multiple levels of authentication using a constraining ACL (access control list).
2. Related Art
As computer systems store ever-larger amounts of sensitive data, it is becoming increasingly important to protect this sensitive data from unauthorized accesses. The global costs incurred from such database security breaches can run into billions of dollars annually, and the cost to individual companies can be severe, sometimes catastrophic.
Systems typically determine privileges based on a user's login name or a user's role. There is a growing need to determine privileges based on multiple levels of authentication, both in private enterprises and government institutions, especially when dealing with highly sensitive data. Note that it is generally desirable to use security architectures that are flexible, maintainable, and auditable.